- Title
- A Baseline Numeric Analysis of Network Telescope Data for Network Incident Discovery
- Creator
- Cowie, Bradley
- Creator
- Irwin, Barry V W
- Date Issued
- 2011
- Date
- 2011
- Type
- text
- Type
- article
- Identifier
- http://hdl.handle.net/10962/427971
- Identifier
- vital:72477
- Identifier
- https://www.researchgate.net/profile/Barry-Ir-win/publication/326225071_An_Evaluation_of_Trading_Bands_as_Indicators_for_Network_Telescope_Datasets/links/5b3f231a4585150d2309e1c0/An-Evaluation-of-Trading-Bands-as-Indicators-for-Network-Telescope-Datasets.pdf
- Description
- This paper investigates the value of Network Telescope data as a mechanism for network incident discovery by considering data summa-rization, simple heuristic identification and deviations from previously observed traffic distributions. It is important to note that the traffic ob-served is obtained from a Network Telescope and thus does not expe-rience the same fluctuations or vagaries experienced by normal traffic. The datasets used for this analysis were obtained from a Network Tele-scope for the time period August 2005 to September 2009 which had been allocated a Class-C network address block at Rhodes University. The nature of the datasets were considered in terms of simple statistical measures obtained through data summarization which greatly reduced the processing and observation required to determine whether an inci-dent had occurred. However, this raised issues relating to the time in-terval used for identification of an incident. A brief discussion into statis-tical summaries of Network Telescope data as" good" security metrics is provided. The summaries derived were then used to seek for signs of anomalous network activity. Anomalous activity detected was then rec-onciled by considering incidents that had occurred in the same or simi-lar time interval. Incidents identified included Conficker, Win32. RinBot, DDoS and Norton Netware vulnerabilities. Detection techniques includ-ed identification of rapid growth in packet count, packet size deviations, changes in the composition of the traffic expressed as a ratio of its constituents and changes in the modality of the data. Discussion into the appropriateness of this sort of manual analysis is provided and suggestions towards an automated solution are discussed.
- Format
- 5 pages
- Format
- Language
- English
- Relation
- Proceedings of Southern African Telecommunication Networks and Applications Conference (SATNAC)
- Relation
- Cowie, B. and Irwin, B., A Baseline Numeric Analysis of Network Telescope Data for Network Incident Discovery. In Southern African Telecommunications Networks and Applications Conference (SATNAC) (p. 339)
- Relation
- Proceedings of Southern African Telecommunication Networks and Applications Conference (SATNAC) volume 2011 number 1 1 5 2011 Conference
- Rights
- Publisher
- Rights
- Use of this resource is governed by the terms and conditions of the Southern Africa Telecommunication Networks and Applications Conference (SA TNAC) Statement (https://www.satnac.org.za/)
- Hits: 193
- Visitors: 204
- Downloads: 13
Thumbnail | File | Description | Size | Format | |||
---|---|---|---|---|---|---|---|
View Details Download | SOURCE1 | A Baseline Numeric Analysis of Network Telescope Data for Network Incident Discovery.pdf | 324 KB | Adobe Acrobat PDF | View Details Download |